date 2020-06-09
Security and Proprietary Software Leftovers
2021-05 Russian IT Security Updates – allegedly Windows source code for sale [Ed: Lousy code from Microsoft -- code you might only wish to have for the back doors exposed by it. So one can engage in ransom against Windows users, including hospitals.]
The developer of the Salaat First (Prayer Times) app, which reminds Muslims when to pray, recorded detailed information about their location and sold it, without the users' knowledge, to a data broker, which in turn sold the geodata to other clients.
This was reported by the publication Motherboard.
The app sends notifications reminding users when to pray, shows them which direction to pray in by pointing to Mecca, and displays nearby mosques for users based on their current location.
The location data is collected by the French firm Predicio, which was previously linked to a data supply chain involving a U.S. government contractor that worked with U.S. Immigration and Customs Enforcement, U.S. Customs and Border Protection, and the FBI.
Firms Struggle to Secure Multicloud Misconfigurations
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.
Cyber-crime: Irish health system targeted [sic] twice by [crackers]
The Department of Health said it shut down its IT systems after a ransomware attack on Thursday.
A similar attack on the Health Service Executive (HSE) on Friday caused "substantial" cancellations to outpatient services.
The same cyber-crime group is believed to be behind both incidents, RTÉ has reported.
Ransomware Is Getting Ugly
An industry group called the Institute for Security and Technology (no, I haven’t heard of it before, either) just released a comprehensive report on combating ransomware. It has a “comprehensive plan of action,” which isn’t much different from anything most of us can propose. Solving this is not easy. Ransomware is big business, made possible by insecure networks that allow criminals to gain access to networks in the first place, and cryptocurrencies that allow for payments that governments cannot interdict. Ransomware has become the most profitable cybercrime business model, and until we solve those two problems, that’s not going to change.
China removes 90 apps to check 'irregular collection of personal information'
China's Ministry of Industry and Information Technology (MIIT) announced that the apps were being taken "offline" for an indefinite period. The affected apps include online ticket booking platform Damai, online travel booking app Tuniu, China's biggest LinkedIn rival Maimai, and Tianya, an online community for people to share views and ideas. However, users who already have the apps installed can continue to use them, reported South China Morning Post.
Cisco to acquire threat assessment platform Kenna Security
Networking major Cisco has announced that it will acquire Kenna Security, makers of a risk-based vulnerability management platform, for an undisclosed sum.
This is the third acquisition by Cisco this week. The company announced its intent to acquire Sedona Systems and Socio Labs earlier this week, but did not disclose financial details.
Kenna is the first significant acquisition for Cisco's security business since its $2.35 billion purchase of Duo Security in 2018.
Adopting zero trust architecture can limit ransomware’s damage
Zero trust is relatively straightforward: Organizations shouldn’t automatically trust anything trying to connect to their network or access their data. Instead, they should verify everything before granting access. Zero trust architecture does not need to be costly or complex to implement, as enterprises can implement zero trust with current technology and updated policies and standards. One way is to identify automated systems in the environment and use allow lists to restrict access to those systems.
Vimix is an Open Source Tool That Helps With Graphical Mixing and Blending Live
There are several Linux tools available for digital artists. However, those are mostly for image manipulation or drawing. So, how can you blend and mix video clips or computer-generated graphics in real-time on Linux? This is mostly a use-case if you are presenting something live for a VJ session or concerts and conferences.
Software Freedom Leftovers
Video and Audio Shows: Nheko Reborn, Nextcloud, Josh Bressers on Security, and Going Linux on Password Managers for Linux
Linux 5.13-rc2
So a week has passed, and rc2 is tagged and pushed out. Things look pretty normal: rc2 tends to be fairly quiet as people start finding issues, and while 5.13 looks to be a pretty big release over-all, the changes in rc2 are if anything slightly smaller than average. But it's well within the noise. The fixes here are all over the place - drivers, arch updates, documentation, tooling.. Nothing particularly stands out, although a fix for some VGA text-mode font size issues is funny (as in "strange", not "ha-ha funny") just because so few people presumably use the extended SVGA text modes any more. That's not recent breakage either. The appended shortlog shows the details.
Linus
Also: Linux 5.13-rc2 Released With A VGA Text Mode Fix
